Search

Linux Leader Expounds on His Colorful Comments

Somewhat known for his vivid — and sometimes vituperative — commentary, Linus Torvalds is no stranger to controversy. That experience may do him well this week, as the torches and pitchforks have come out and are marching his way after an interview with Network World reignited the flames fanned by last month's colorful commentary on security.

The controversy is back on the front pages this week, as Linus rehashed the issue in his Network World interview, saying he's fed up with the "security circus," describing it as PR posturing on the part of two different, but equally irritating, camps. On one side, he says, are those who want total secrecy, refusing to disclose any bug until it has been patched, and on the other are those who "revel" in finding and disclosing bugs, which he attributes to a desire to embarrass vendors — "proof that the vendors are corrupt and crap, which admittedly mostly are." Torvalds described both groups as "crazy" and "idiots" more interested in the publicity surrounding their work than actually patching the vulnerabilities.

Linus says he practices a middle path — "the Unix model" — where bugs are reported privately, but are not kept secret indefinitely, vendors are compelled to patch vulnerabilities, without being publicly shamed, and the focus remains on fixing bugs and produces as little fanfare as possible. While that may certainly be the case for kernel bugs, "as little fanfare as possible" certainly doesn't describe the reception of his comments.